Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

RSS2 1 bug: feed shows everything to everyone

edited July 2006 in Vanilla 1.0 Help
I just installed Mark's RSS2 1 add-on, and it's working great, except I noticed that I could see things in the feed that I shouldn't be able to. Specifically, the feed seems not to filter entries a given person doesn't have permission to see. For instance, when I'm not even logged on, I can view the feed for all discussions, and see discussions that are admin-only restricted. Still not logged on, when viewing a discussion that I know has a lot of whispers, I can't see them in the browser window but all whispers show up in the feed. Sorry if this is a repeat, but I did a couple searches and found no mention of this issue. I'm using the latest version of Vanilla and RSS2 1, just f.y.i.


  • Options
    I installed it and have noticed that on my forums (which are private) the RSS Feed does ask for a password ... however it doesn't authorise correctly, so it's not loading in the RSS Reader :(
  • Options
    The only thing i can think of here maxoid is if your 'unauthenticated' role has permissions to view those things? If you can confirm it doesnt I'll dig deeper...
  • Options
    Unauthenticated can see discussions, but certainly not whispers. If I diable Unauthenticated's ability to see discussions at all, period, then of course they can't see the RSS feed either. Signed in or not, and no matter who you're signed in as, you can see everyone's whispers. No password is asked for. We disabled the add-on for now, since our users seem to enjoy whispering often. Again, this is only in the RSS feed. You can see only what you're allowed to in the normal side of things; it behaves as expected.
This discussion has been closed.